The object management system of the present invention includes information passing between an interrogator which creates an electromagnetic interrogation field, and the electronically coded tags, which respond by issuing a reply signal that is detected by the interrogator, decoded and consequently supplied to other apparatus in the sorting, controlling or auditing process. The objects to which the tags are attached may be animate or inanimate. In some variants of the system the interrogation medium may be other than electromagnetic, such as optical and/or acoustic.
Typically each tag in a population of such tags may have an identity that is defined by a unique number or code that is assigned to each tag, in a global numbering scheme. The tags may also carry other fixed or variable data. Communications between the interrogator and tags is via a radio-frequency electromagnetic link that is inherently insecure and susceptible to eavesdropping, or the insertion of bogus signals.
Under normal operation the tags may be passive, i.e. they may have no internal energy source and may obtain energy for their reply from the interrogation field, or they may be active and may contain an internal energy source, for example a battery. Such tags respond only when they are within or have recently passed through the interrogation field. The interrogation field may include functions such as signalling to an active tag when to commence a reply or series of replies or selecting a single tag among a population of such tags, or in the case of passive tags may provide energy, a portion of which may be used in constructing the reply.
One example of an insecure electronic tag reading system is illustrated in FIG. 1. In FIG. 1 an interrogator 11, containing a transmitter and receiver, both operating under a controller, communicate via electromagnetic means with a code responding electronic tag 10. This system has a disadvantage in that information passing between tag 10 and interrogator 11 is directly related to information stored within tag 10. A further disadvantage is that the process of communication between tag 10 and interrogator 11 is susceptible to eavesdropping. Because such communication is normally carried out by electromagnetic waves, a clandestine receiver located nearby may make a record of the communication and deduce the data content of a legitimate tag. Knowledge of such data content may subsequently allow counterfeit tags to be manufactured by an unscrupulous party or parties. Such tags may appear legitimate because they can generate data content that is indistinguishable from genuine tags. Eavesdropping may take place either on interrogator to tag communication or tag to interrogator communication. Because of a substantial difference in signal levels involved, communication in the direction from interrogator to tag is much more vulnerable to eavesdropping than is communication in the reverse direction.
In some systems it is important to guard against eavesdropping in one, other or both directions or even to conceal the fact that an information extraction process is under way. Guarding against eavesdropping is particularly important when private information is being extracted from the tag.
Communication between the interrogator and tag is frequently via an exchange of messages in a half duplex mode, but in some systems single bits of data may alternately be sent between interrogator and tag. In this case it is common to regard the process of extraction of data from the tag as equivalent to exploration of a binary tree as illustrated in FIG. 2. In FIG. 2 different bits of a tag identity or tag internal data correspond to different levels of the tree, and a single tag with particular data corresponds to a particular path through the tree. Different paths through the tree correspond to different tags with different data.
As discussed above, it is desirable to ensure that tags are authentic, and not substitute tags which produce easily predictable responses of normal unencoded identification tags. An ability to provide such assurances may be required in product authentication, baggage reconciliation, secure entry systems and the like.
In a number of situations it may also be important that the flow of information between the tag and the interrogator is not meaningful to an eavesdropper. This may include situations where economic or military advantage can be gained from such information becoming known, or when owners of goods with attached tags desire to keep their ownership private. Hence, it is desirable to guard against eavesdropping on the process of communication between an electronic tag and its interrogator.
One defence against eavesdropping employs encryption of data passing between interrogator and tag. However, installation of complex circuits with encryption engines in the tag poses excessive demands on tags designs, which should be maintained as simple as possible for reason of costs. Moreover, even if such encryption engines are used, available encryption algorithms may still allow determined analysts to determine the parameters of those algorithms from eavesdropping operations.